Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01
Justin Richer <jricher@mitre.org> Fri, 10 August 2012 17:04 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A55721F880F for <oauth@ietfa.amsl.com>; Fri, 10 Aug 2012 10:04:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.575
X-Spam-Level:
X-Spam-Status: No, score=-6.575 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NonAc0cXwRra for <oauth@ietfa.amsl.com>; Fri, 10 Aug 2012 10:04:01 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 2BC2021F8808 for <oauth@ietf.org>; Fri, 10 Aug 2012 10:04:01 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 8037121B0668; Fri, 10 Aug 2012 13:04:00 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 67D2F21B07EF; Fri, 10 Aug 2012 13:04:00 -0400 (EDT)
Received: from [129.83.50.26] (129.83.31.51) by IMCCAS02.MITRE.ORG (129.83.29.79) with Microsoft SMTP Server (TLS) id 14.2.309.2; Fri, 10 Aug 2012 13:04:00 -0400
Message-ID: <50253EB2.705@mitre.org>
Date: Fri, 10 Aug 2012 13:02:42 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: Dick Hardt <dick.hardt@gmail.com>
References: <CAOKdZ1dzVcKBDt6CSLuHwc4NzUVd_hUMWdpJVS6=ncdJo05=UQ@mail.gmail.com> <502280D8.40708@mitre.org> <9AD4EEF7-6187-4A4F-A855-32819BCB8321@gmx.net> <5022D344.40600@mitre.org> <EEBC9705-16C0-4697-8F38-28660C3CB553@ve7jtb.com> <5023CC18.9090809@mitre.org> <1344531175.4871.YahooMailNeo@web31812.mail.mud.yahoo.com> <3940317E-948C-4909-9B8F-2689A6B8D4EB@gmail.com> <1344534823.39489.YahooMailNeo@web31801.mail.mud.yahoo.com> <E3386483-222B-4B71-ADD4-0E8C0C0E18ED@gmail.com> <502418C3.5080402@mitre.org> <FD699F57-C56C-4D4C-A8CD-C1A2BF846C1C@gmail.com> <50253697.5070706@mitre.org> <8CA5C199-D005-45B6-A352-81F6396181AF@gmail.com>
In-Reply-To: <8CA5C199-D005-45B6-A352-81F6396181AF@gmail.com>
Content-Type: multipart/alternative; boundary="------------090009090506020700050207"
X-Originating-IP: [129.83.31.51]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 17:04:02 -0000
On 08/10/2012 12:48 PM, Dick Hardt wrote: > On Aug 10, 2012, at 9:28 AM, Justin Richer wrote: > >> On 08/09/2012 06:47 PM, Dick Hardt wrote: >>> >>> On Aug 9, 2012, at 1:08 PM, Justin Richer wrote: >>> >>>> With MAC, you should be able to re-use about 80-90% of your >>>> existing codepath that's in place for Bearer, simplifying the setup >>>> below. >>> >>> That makes no sense, I would be adding MAC to the sites that support >>> MAC in addition to OAuth 1.0A or OAuth 2.0 >> >> You get to re-use all of the code for OAuth2 for issuing tokens (from >> server side) and requesting tokens (from client side). Apart from >> parsing the JSON value that's returned from the token endpoint (and >> you are using a generic parser there, right?), nothing changes here. >> The part where you *use* the token to access a protected resource >> (client), or *validate* a request to a protected resource (server) >> changes significantly, yes. But that's only a small part of the process. > > That makes sense, sorry I was not clear on what I said did not make > sense, which was "simplifying the setup below" > > As a client developer, adding MAC to the mix *increases* my code base > as it is yet another protocol to understand and implement against. > OAuth 1.0A and OAuth 2.0 bearer are not going to go away. > > OK, I follow now. Yes, that's a fair concern for anyone who has to support multiple protocols that aren't mutually compatible. I'm personally hoping that OAuth2/MAC will help push out most (if not all) of the remaining OAuth1 pieces we have here, helping is shut down at least one of those. -- Justin
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-ma… Justas Janauskas
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Hannes Tschofenig
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Phil Hunt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… John Bradley
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Tom Brown
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… John Bradley
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Stephen Farrell
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… prateek mishra
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Sergey Beryozkin
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… George Fletcher
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… David Waite
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… John Bradley
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Hannes Tschofenig
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Hannes Tschofenig
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Richer, Justin P.
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Richer, Justin P.
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Richer, Justin P.
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Rob Richards
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… John Bradley
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Dick Hardt
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… William Mills
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Sergey Beryozkin
- Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-htt… Justin Richer